Fake code, high prices
CloudSEK researchers analyzed nearly 25,000 posts on Telegram, many of which claimed to be selling authentic Pegasus code, the statement said. These posts tend to follow the standard template for providing illegal services, which is frequently mentioned by Pegasus and NSO tools.
CloudSEK researchers have gone further, collaborating with over 150 vendors.
By working with more than 150 vendors, CloudSEK has gained insight into various samples and indicators shared by these players. “This includes Pegasus source code, live demonstrations, file structures, and snapshots,” the CloudSEK report said.
The report also identified six instances of fake Pegasus HVNC (Hidden Virtual Network Computing) samples distributed on the dark web between May 2022 and January 2024.
Similar abuses were also seen on code-sharing platforms, where fraudsters distributed their randomly generated source codes, associating them with Pegasus Spyware, the internet security firm said in a report.
“After analyzing 15 samples and more than 30 indicators from Human Intelligence (HUMINT), deep, and dark web sources, CloudSEK found that almost all samples were fraudulent and ineffective,” said the statement explaining the result of the investigation. “Scare actors have created their own tools and scripts, distributing them under the Pegasus name to get credit for making money.”
Source link